SC Malaysia targets senior roles for cyber security issues

Latest cyber security guidelines implemented by the Securities Commission Malaysia follow a recurring industry trend of senior management taking an active role in cyber security.
By Paul Walsh
The Securities Commission Malaysia (SC) has ordered senior management and board members of capital market entities to take active responsibility in cyber security issues in its new guidelines.

Effective immediately ‘The Guidelines on Management of Cyber Risk’ aim to ensure that the cyber threat is managed correctly in light of the changing market landscape and to protect capital market entities.

Under the guidelines, capital market entities must stipulate the roles and responsibilities of the board and senior management in building cyber resilience.

Entities must also identify a responsible person to be accountable for the effective management of cyber risk.

In addition, latest SC requirements stipulate that regulated entities are required to implement a risk management framework to minimise threats, identify vulnerabilities and ensure a timely response in the event of a breach.

Such entities are also required to report cyber incidents to the SC.

The measures represent the latest development for industry participants aiming to counter the cyber threat.

Speaking to Global Custodian last month, Euroclear CEO for UK and Ireland John Trundle spoke of how cyber security had evolved away from being a purely technical issue and now impacted senior business leaders.

“Business leaders do not need to understand every last detail of the technical threat, but they need to be on top of the broad types of threat that we face and the best ways to try to mitigate, prevent and respond,” said Trundle.

The SC has said the guidelines will “provide a platform” for SC to collaborate with market entities and participants to enhance cyber resilience on an ongoing basis.

“Against a backdrop of increased adoption of technology in capital market activities, operations of market intermediaries, market infrastructure and market-based financing platforms, it is imperative to ensure vigilant management of cyber risk,” said Foo Lee Mei, executive director and general counsel, Securities Commission Malaysia.

“This will minimise disruption to the capital market, protect investors’ confidential data and preserve market confidence,” said Lee Mei.